Best practice rules for Redis Cache
- Check for TLS Protocol Latest Version
Ensure that Azure Redis Cache servers are using the latest version of the TLS protocol.
- Check for Virtual Network Deployment and Integration
Ensure that Azure Cache for Redis servers are injected to an Azure virtual network (VNet).
- Configure IP Firewall Rules for Azure Cache for Redis Servers
Ensure that IP firewall rules are configured for your Azure Cache for Redis instances.
- Configure Preferred Maintenance Window for Scheduled Updates
Ensure there is a preferred maintenance window configured for your Azure Cache for Redis servers.
- Configure Update Channel
Ensure that production Azure Cache for Redis servers are using the "Stable" update channel.
- Disable Access Keys Authentication for Azure Cache for Redis Servers
Avoid using local authentication methods such as access keys for authentication to Redis cache.
- Disable Non-TLS Access for Redis Enterprise Cache Servers
Ensure that all your Enterprise Redis cache clusters are TLS-enabled cache clusters.
- Disable Public Network Access to Azure Cache for Redis Servers
Ensure that public network access to Azure Cache for Redis servers is disabled.
- Enable Data Persistence for Azure Cache for Redis Servers
Ensure that data persistence is enabled for your Azure Cache for Redis servers.
- Enable Diagnostic Logs for Azure Cache for Redis Servers
Ensure that Diagnostic Logs are enabled for Azure Cache for Redis servers.
- Enable Geo-Replication for Azure Cache for Redis Servers
Ensure that geo-replication is enabled for your Azure Cache for Redis servers.
- Enable In-Transit Encryption for Redis Cache Servers
Ensure that in-transit encryption is enabled for all Microsoft Azure Redis Cache servers.
- Enable Redis Keyspace Notifications
Ensure that keyspace notifications are enabled for your Azure Cache for Redis servers.
- Enable Zone Redundancy for Azure Cache for Redis Servers
Ensure that zone redundancy is enabled for Azure Cache for Redis servers.
- Enterprise Redis Cache Clusters Encrypted with Customer-Managed Keys
Use Customer-Managed Keys (CMKs) to encrypt your Enterprise Redis cache cluster data.
- Use Managed Identities for Azure Cache for Redis Servers
Ensure that Azure Cache for Redis servers are using managed identities.
- Use Network Security Groups for Azure Cache for Redis Servers
Ensure that your Azure Cache for Redis servers are using Network Security Groups (NSGs).
- Use Resource Locks for Azure Cache for Redis Servers
Ensure that resource locks are enabled for your production Azure Cache for Redis servers.