Add protection against deleting a production deployment
When you're running a mission critical service in Azure as one or more cloud services, deleting the production deployments my mistake can become catastrophic.
Not only because the service is suddenly out, but also, and perhaps more importantly, because you lose your public IP address. In many cases (ours included) losing the VIP reservation means weeks of downtime because we integrate with lots of banks and insurance companies many of which have a rigorous and time-consuming process for opening up their firewalls for incoming and outgoing calls to the new VIP.
As long as you either always deploy to staging and then VIP-swap, or only do in-place upgrades of your production slot, you're fine. But if you should happen to delete the production slot... disaster.
For that reason, it would be valuable to have a protection mechanism in place. I'm thinking a setting per cloud service called "don't allow production deployments to be deleted in this cloud service". Enabling this setting would provide valuable protection.
Li Xiong commented
Good idea. Definitely will look into it.
This is a no-brainer. Way too easy to accidentally delete production environments.
Daniel Stolt commented
You make an excellent point here: geo-replication and backups and fault tolerance seem somewhat futile when everything can be destroyed by two misdirected clicks.
Kent Carlson commented
I totally agree.
It is a total nightmare that there is no more protection than a black banner with grey text at the bottom before the production site is deleted. And you can also choose Production even when you have Staging on screen.
I want to add; I hate to choose important stuff in combos, touch the mouse wheel and you change the choice and you are done without notice.
As an administrator and owner I do not dare to let other people into the admin site since a mistake can be made and what should I do? I can not punish an employment for att human error? I can myself of course make the mistake but since it is my company I got punished hard.
Please give us admins a possibility to "lock" any object so deletiion and even maybe some changes in the configuration must be confirmed in some way. Maybe a mail to the admin of the account?
Make this safe! It is not reasonable to save the data around the globe and then being able to delete a production site with a VIP that is integrated in the business with two clicks.
Please, make the adminsite as safe to use as you have made the storage of data safe.