Rule 2 - Azure CI-to-CI Relationships

Rule Synopsis

These are the rule/s that automatically determine and create the CI-to-CI relationships (dependencies) for each Azure Resource/CI Type.

Rule Details and Default

The default rule/s are described by the table below which show the default CI-to-CI Relationships per Resource/CI Type.

Resource/CI Types	Relationships
API Management Service	API Management Service Contained by Resource Group API Management Service Hosted on Datacenter
Application Gateway	Application Gateway Contained by Resource Group Application Gateway Hosted on Datacenter Application Gateway Owns Backend IP Address
App Service	App Service Contained by Resource Group App Service Distributed by Frontdoor Frontend App Service Hosted on App Service Plan App Service Hosted on Datacenter
App Service Plan	App Service Plan Contained by Resource Group App Service Plan Hosted on Datacenter
CDN Profile	CDN Profile Contained by Resource Group CDN Profile Hosted on Datacenter
CDN Profile End Point	CDN Profile Endpoint Contained by CDN Profile CDN Profile Endpoint Distributed by Frontdoor Frontend
Cognitive Services	Cognitive Services Contained by Resource Group Cognitive Services Hosted on Datacenter Cognitive Services Use End Point To Private Endpoint
Container Registry	Container Registry Contained by Resource Group Container Registry Hosted on Datacenter Container Registry Use End Point To Private Endpoint
Container Instance	Container Instance Hosted on Datacenter Container Instance Uses Container Registry
Container	Container Runs on Container Instance
CosmosDb for MongoDb	CosmosDb for MongoDb Contained by Resource Group CosmosDb for MongoDb Hosted on Datacenter CosmosDb for MongoDb Use End Point To Private Endpoint
Azure Datacenter	Many (many) - Refer other record sets for relationships to Datacentre
Azure Database for MySQL	Database for MySQL Hosted on Datacenter Database for MySQL Use End Point To Private Endpoint Database for MySQL Contained by Resource Group
Azure Database for PostgreSQL	Database for PostgreSQL Contained by Resource Group Database for PostgreSQL Hosted on Datacenter Database for PostgreSQL Use End Point To Private Endpoint
Disk	Disk Contained by Resource Group Disk Hosted on Datacenter Disk Managed by Virtual Machine Disk Provisioned from Image Disk Provisioned from Snapshot Disk Provisioned from Storage Account End Point
DNS Zone	DNS Zone Contained by Resource Group DNS Zone Hosted on Datacenter DNS Zone Owns DNS A-Record DNS Zone Owns DNS CNAME-Record
DNS A-Record	DNS A-Record Used by Resource
DNS CNAME-Record	DNS CNAME-Record Uses DNS A-Record
Event Hub	Event Hub Contained by Resource Group Event Hub Hosted on Datacenter
Express Route	Express Route Contained by Resource Group Express Route Hosted on Datacenter
Frontdoor	Frontdoor Contained by Resource Group Front Door Hosted on Datacenter
Frontdoor Frontend	Frontdoor Frontend Distributed by Frontdoor
Frontdoor Frontend End Point	End Point Distributed by Frontdoor Frontend
Image	Image Contained by Resource Group Image Hosted on Datacenter
Key Vault	Key Vault Contained by Resource Group Key Vault Hosted on Datacenter
Kubernetes Service	Kubernetes Service Contained by Resource Group Kubernetes Service Hosted on Datacenter Kubernetes Service Provided by Resource Group Kubernetes Service Uses Public IP Address
Load Balancer	Load Balancer Contained by Resource Group Load Balancer Hosted on Datacenter Load Balancer Uses Public IP Address
Local Network Gateway	Local Network Gateway Connected by On-Prem Network Device Local Network Gateway Contained by Resource Group Local Network Gateway Hosted on Datacenter
Logic App	Logic App Contained by Resource Group Logic App Hosted on Datacenter
NAT Gatway	NAT Gateway Contained by Resource Group NAT Gateway Hosted on Datacenter NAT Gateway Uses Public IP Address
Network Security Group	Network Security Group Contained by Resource Group Network Security Group Hosted on Datacenter
Network Interface	Network Interface Uses Network Security Group Network Interface Contained by Resource Group Network Interface Hosted on Datacenter
Private DNS Zone	Private DNS Zone Connected by Virtual Network Private DNS Zone Contained by Resource Group Private DNS Zone Hosted on Datacenter Private DNS Zone Owns Private DNS A-Record Private DNS Zone Owns Private DNS CNAME-Record
Private DNS A-Record	Private DNS A-Record Used by Resource
Private DNS CNAME-Record	Private DNS CNAME-Record Uses Private DNS A-Record
Private End Point	Private End Point Contained by Resource Group Private Endpoint Hosted on Datacenter Private End Point Implement End Point To Network Interface
Public IP Address	Public IP Address Contained by Resource Group Public IP Address Hosted on Datacenter
Recovery Services Vault	Recovery Services Vault Contained by Resource Group Recovery Services Vault Hosted on Datacenter Recovery Services Vault Use End Point To Private Endpoint
Resource Group	Resource Group Contained by Datacenter Resource Group Contained by Subscription
Snapshot	Snapshot Contained by Resource Group Snapshot Hosted on Datacenter
Storage Account	Storage Account Contained by Resource Group Storage Account Hosted on Datacenter Storage Account End Point Contained by Storage Account Storage Account Endpoint Distributed by CDN Profile Endpoint
Subscription	See Resource Group Relationships
Virtual Machine (Instance)^#2	Virtual Machines Contained by Resource Group Virtual Machine Hosted on Datacenter Virtual Machine Instantiates Computer^#1 Virtual Machine Owns Network Interface Virtual Machine Provisioned from Image
Virtual Machine Scale Set	Virtual Machine Scale Set Contained by Resource Group Virtual Machine Scale Set Distributed by Load Balancer Virtual Machine Scale Set Hosted on Datacenter Virtual Machine Scale Set Provisioned from Image Virtual Machine Scale Set Uses Network Security Group
Virtual Network	Virtual Network Contained by Resource Group Virtual Network Hosted on Datacenter Virtual Network Connected by Virtual Network
Virtual Network Gateway	Virtual Network Gateway Connected by Local Network Gateway Virtual Network Gateway Contained by Resource Group Virtual Network Gateway Hosted on Datacenter Virtual Network Gateway Uses Public IP Address Virtual Network Gateway Connected by Virtual Network
Virtual Network Subent	Virtual Network Subnet Contained by Virtual Network Subnet Uses NAT Gateway Subnet Contains Network Interface Subnet Contains App Service Subnet Contains Application Gateway Subnet Contains Key Vault Subnet Contains Kubernetes Service Subnet Contains Load Balancer Subnet Contains Private End Point Subnet Contains Storage Account Subnet Contains Virtual Network Gateway Subnet Uses Network Security Group

^#1 Please read the Additional Information section for more information about this relationship.

^#2 In the Azure Portal, Virtual Machine Instances are shown/labelled simply as “Virtual Machines” (which can further confuse this entire topic).

Override Options

Context

Customers may be seeking more CI-to-CI relationships (dependencies) than those shown above.

Options

Additional Relationships can be added (if the source system offers addtional ones).

Overriding via Connection Settings

N/A

Additional Information

Syncfish recommend the following FAQ article that explains the difference between Virtual Machine Instance objects/CIs and Virtual Machine objects/CIs.

The FAQ explains each object type, why the exist as separate objects, where they exist in the CMDB and how they relate to one another (i.e. the standard CI-to-CI Relationships or Dependencies created for these objects.

We suggest you read FAQ - Overview of Virtual Machine Instance objects and Virtual Machine objects and the associated CIs.

N/A

Support Model for Rule Overrides

Question: Can overrides be performed by customers without a Syncfish Extended Implementation and Support Plan?

Answer: No (a plan is needed - see below)

Question: Which Syncfish Extended Implementation and Support Plan is required to obtain overrides of this rule

Answer: Either a Silver Plan or Gold Plan