|
Measures reported by AzrKeyVaultTest
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
Anybody with an Azure subscription can create and use key vaults. Typically, Key Vaults benefit developers, security administrators, and even an organization's adminstrator who manages other Azure services. Authorized users can create a vault, create/import a key/secret in the vault, and can also authorize users/applications to access the vault to manage or use its contents.
If any application's attempt to access a vault ends in failure, or if any application experiences slowness during vault access, then that application will not be able to use the passwords/keys/certificates stored in the vault as and when it needs it. As a result, application performance will deteriorate. To avoid this, administrators should continuously monitor the status of and service levels delivered by every vault configured for an Azure subscription, and rapidly isolate the vault experiencing errors / failures / processing bottlenecks. This is where the AzrKeyVaultTest helps!
This test auto-discovers the Key Vaults configured for an Azure subscription. For each vault so discovered, this test then tracks the provisioning status of that vault, and notifies administrators if errors are noticed during provisioning. The test also tracks the hits/requests to each vault, and measures the time taken by that vault to service the requests. This way, the test pinpoints the precise vault that is slow in processing requests to it. Additionally, the test also indicates the exact type of requests that a vault is having trouble processing - requests for keys? secrets? passwords? or others?. This eases troubleshooting.
Outputs of the test : One set of results for each Azure Key Vault configured for every resource group in the target Azure Subscription
The measures made by this test are as follows:
| Measurement |
Description |
Measurement Unit |
Interpretation |
| Prvsng_state |
Indicates the current provisioning status of this vault. |
|
The values reported by this measure and its numeric equivalents are mentioned in the table below:
| Measure Value |
Numeric Value |
| Succeeded |
1 |
| Updating |
2 |
| Error |
3 |
| Unknown |
0 |
Note:
By default, this measure reports the Measure Values listed in the table above to indicate the current provisioning status of a vault. In the graph of this measure however, the same is represented using the numeric equivalents only.
Use the detailed diagnosis of this measure to know the location, URI, family, and configuration of the vault.
|
| Api_hit |
Indicates the total number of times this vault has been accessed via the REST API. |
Number |
Azure Key Vault supports JSON formatted requests and responses. Requests to the Azure Key Vault are directed to a valid Azure Key Vault URL using HTTPS with some URL parameters and JSON encoded request and response bodies. |
| Api_latncy |
Indicates the average time taken by this vault to respond to REST API requests. |
Seconds |
A high value is indicative of slowness in processing the API requests. |
| Api_result |
Indicates the total volume of operations in this vault. |
Number |
Compare the value of this measure across vaults to know which vault has the maximum operational workload. |
| Hit_secret |
Indicates the number of times secrets have been accessed from this vault. |
Number |
|
| Hit_vault |
Indicates the number of times this vault has been accessed. |
Number |
If the value of this measure is abnormally high for any vault, then compare the value of the Secret hit, Key hit, Certificate hit, and Auxillary hit measures of that vault to know what type of requests are contributing to its workload - requests for secrets? keys? certificates? or others? |
| Hit_key |
Indicates the number of times keys in this vault have been accessed. |
Number |
|
| Hit_certfct |
Indicates the number of times certificates in this vault have been accessed. |
Number |
|
| Hit_axlry |
Indicates the number of times this vault has been accessed for contents other than keys, secrets, or certificates. |
Number |
|
| Latncy_vault |
Indicates the time that elapsed between when this vault was hit and when it responded. |
Seconds |
A high value is indicative of a slow vault. If the value of this measure is abnormally high for any vault, then compare the value of the Key latency, Certificate latency, Secret latency , and Auxillary latency measures to know what type of requests are the most latent - requests for keys? certificates? secrets? or others? |
| Latncy_secrt |
Indicates the average time that elapsed between when a secret in this vault was hit and when that secret was returned. |
Seconds |
Ideally, the value of this measure should be low. A high value implies that the vault is taking too long to process requests for secrets. |
| Latncy_key |
Indicates the average time that elapsed between when a key in this vault was hit and when that key was returned. |
Seconds |
Ideally, the value of this measure should be low. A high value implies that the vault is taking too long to process requests for keys. |
| Latncy_crtfct |
Indicates the average time that elapsed between when a certificate in this vault was hit and when that certificate was returned. |
Seconds |
Ideally, the value of this measure should be low. A high value implies that the vault is taking too long to process requests for certificates. |
| Latncy_axlry |
Indicates the average time that elapsed between when any other content in this vault was hit and when that content was returned. |
Seconds |
Ideally, the value of this measure should be low. A high value implies that the vault is taking too long to process requests for contents other than keys/secrets/certificates. |
| Success_oprtn |
Indicates the number of operations performed in this vault that succeeded. |
Number |
Ideally, the value of this measure should be equal or close to the value of the Volume of operations measure. |
| Failure_oprtn |
Indicates the number of operations performed in this vault that failed. |
Number |
Ideally, the value of this measure should be 0 or much lower than the value of the Volume of operations measure. |
| Other_oprtn |
Indicates the number of other operations that were performed in this vault. |
Number |
|
|