Azure Scaffolding and Foundations for Enterprises

Presented by Aaron Saikovski at the Global Azure Bootcamp 2019 in Sydney.

Best practices and recommendations on deploying Azure in large-scale and complex environments. The session will cover the foundational elements of a successful Azure deployment in your enterprise.

Azure Sydney User Group

April 27, 2019

Transcript

  1. Pressure to digitally transform & innovate
    Need for agility to reduce speed to market
    Shift to DevOps
    Cloud Sprawl -> Increased complexity in managing standard, accountability, compliance, consistent architecture & cost -> at Scale

  2. Sacrifice Speed for Control
    Developers
    Operations
    Cloud Custodian / Engineers responsible for Cloud environment

  3. Speed and Control
    Developers
    Built-in controls through policy instead of workflow
    Operations
    Cloud Custodian Team

  4. Native platform capabilities to ensure compliant use of cloud resources
    Blueprints: Deploy and update cloud environments in a repeatable manner using composable artifacts
    Resource Graph: Query, explore & analyze cloud resources at scale
    Management Group: Define organizational hierarchy
    Cost: Monitor cloud spend and optimize resources
    Policy: Real-time enforcement, compliance assessment and remediation
    NEW NEW
    Control Visibility
    Environment Consumption
    Hierarchy
    NEW

  5. What is the
    ?
    Overview of the

  6. The Foundation: Enterprise Enrollment
    Enterprise
    Enrollment
    Account A
    Subscription 1 Subscription 2 Subscription 3
    Account B
    Department A
    Account C
    Subscription 4
    Department B
    DON’T!

  7. EA/Account/Subscription examples
    Or Or

  8. The Pillars: Naming Standards
    • Allow easier identification of resources in the Portal and in logs etc.
    • Allow easier breakout of data in Dashboards and Billing
    https://azure.microsoft.com/en-gb/documentation/articles/guidance-naming-conventions/

  9. SaaS
    Public
    Cloud
    VPN
    ExpressRoute
    NSP internet

  10. Up to 9 months to review, define and deploy an app into a subscription
    Large surface area to secure, govern and audit
    Knowing and updating core infra was extremely tedious

  11. Azure Blueprints
    Idempotent definition to safely and efficiently provision and manage infra at scale
    Define all your artifacts (policies, RBAC and templates) that go into an environment in simple experience
    Lock down foundational infra that are shared across subscriptions

  12. Role-based access controls
    Policy Definitions
    ARM Templates
    Custom Scripts*
    Coming in June
    Contoso Blueprint
    Cloud Engineer
    Cloud Architect
    +
    ISO 27001
    FedRAMP
    NIST

  13. deploy and update cloud environments in a repeatable manner using composable artifacts
    Role-based access controls
    Policy Definitions
    ARM Templates

  14. Cloud Engineer
    1 Creates a Blueprint
    Contoso Blueprint
    2 Adds artifacts (Azure resources) to be used
    3 Lock foundational resources and Sequence Deployments
    Custom Scripts*
    Policies
    Resource Groups
    ARM Templates
    Role based access
    Provision Subscription
    Deployed and locked foundational artifact
    4 Create Subscriptions and/or Apply Blueprint to Scope (MG, Sub, RG)
    Cloud Engineer
    Sub A
    Sub B
    5 Version and Update Blueprints
    6 Built-in compliance Blueprints (ISO, HITRUST, PCI etc.)

  15. What is an Azure Blueprint?
    • A configured, secure, scalable Azure environment based on best practices
    • A starting point for new development and experimentation
    • A starting point for customers’ application migration journey
    • An environment that allows for iteration while maintaining control and consistency

  16. • Deploys foundation infrastructure based on Virtual Datacentre (VDC) approach
    • Configures Roles – NetOps, SecOps, SysOps
    • Deploys:
      • RBAC
      • Log Analytics
      • VNet with on-premises support and NSGs and ASGs (Microsegmentation)
      • Bastion host, ADDS and DNS VMs
      • Key Vault
      • Network watcher with DDoS support
