
Azure Scaffolding and Foundations for Enterprises


Presented by Aaron Saikovski at the Global Azure Bootcamp 2019 in Sydney.

Best practices and recommendations on deploying Azure in large-scale and complex environments. The session will cover the foundational elements of a successful Azure deployment in your enterprise.

Azure Sydney User Group

April 27, 2019



  1. Drivers
    • Pressure to digitally transform & innovate
    • Need for agility to reduce speed to market
    • Shift to DevOps
    • Cloud Sprawl -> Increased complexity in managing standards, accountability, compliance, consistent architecture & cost -> at Scale
  2. Native platform capabilities to ensure compliant use of cloud resources
    • Blueprints: Deploy and update cloud environments in a repeatable manner using composable artifacts
    • Resource Graph: Query, explore & analyze cloud resources at scale
    • Management Group: Define organizational hierarchy
    • Cost: Monitor cloud spend and optimize resources
    • Policy: Real-time enforcement, compliance assessment and remediation
    • Category labels on the slide: Control, Visibility, Environment, Consumption, Hierarchy (three of the capabilities are marked NEW)
  3. The Foundation: Enterprise Enrollment
    • [Diagram: Enterprise Enrollment hierarchy showing Department A and Department B; Account A, Account B and Account C; Subscription 1 to Subscription 4. One part of the diagram is marked "DON’T!"]
  4. The Pillars: Naming Standards
    • Allow easier identification of resources in the Portal and in logs etc.
    • Allow easier breakout of data in Dashboards and Billing
    • https://azure.microsoft.com/en-gb/documentation/articles/guidance-naming-conventions/
  5. The problem
    • Up to 9 months to review, define and deploy an app into a subscription
    • Large surface area to secure, govern and audit
    • Knowing and updating core infra was extremely tedious
  6. Azure Blueprints
    • Idempotent definition to safely and efficiently provision and manage infra at scale
    • Define all your artifacts (policies, RBAC and templates) that go into an environment in a simple experience
    • Lock down foundational infra that is shared across subscriptions
  7. Contoso Blueprint (Cloud Engineer, Cloud Architect)
    • Role-based access controls
    • Policy Definitions
    • ARM Templates
    • Custom Scripts* (*Coming in June)
    • + ISO 27001, FedRAMP, NIST …
  8. Deploy and update cloud environments in a repeatable manner using composable artifacts
    • Role-based access controls
    • Policy Definitions
    • ARM Templates
  9. Blueprint workflow (Cloud Engineer, Contoso Blueprint)
    • Step 1: Creates a Blueprint
    • Step 2: Adds artifacts (Azure resources) to be used: Custom Scripts*, Policies, Resource Groups, ARM Templates, Role based access
    • Step 3: Lock foundational resources and Sequence Deployments (Provision Subscription; Deployed and locked foundational artifact)
    • Step 4: Create Subscriptions and/or Apply Blueprint to Scope (MG, Sub, RG): Sub A, Sub B, …
    • Step 5: Version and Update Blueprints
    • Step 6: Built-in compliance Blueprints (ISO, HITRUST, PCI etc.)
  10. What is an Azure Blueprint?
    • A configured, secure, scalable Azure environment based on best practices
    • A starting point for new development and experimentation
    • A starting point for customers’ application migration journey
    • An environment that allows for iteration while maintaining control and consistency
  11. What the Blueprint deploys
    • Deploys foundation infrastructure based on the Virtual Datacentre (VDC) approach
    • Configures Roles – NetOps, SecOps, SysOps
    • Deploys:
      • RBAC
      • Log Analytics
      • VNet with on-premises support and NSGs and ASGs (Microsegmentation)
      • Bastion host, ADDS and DNS VMs
      • Key Vault
      • Network Watcher with DDoS support