Azure Scaffolding and Foundations for Enterprises

Transcript

1. [email protected]

2. None

3. Pressure to digitally transform & innovate Need for agility to

   reduce speed to market Shift to DevOps Cloud Sprawl -> Increased complexity in managing standard, accountability, compliance, consistent architecture & cost -> at Scale

4. Sacrifice Speed for Control Developers Operations Cloud Custodian / Engineers

   responsible for Cloud environment

5. Speed and Control Developers Built-in controls through policy instead of

   workflow Operations Cloud Custodian Team

6. Native platform capabilities to ensure compliant use of cloud resources

   Blueprints Deploy and update cloud environments in a repeatable manner using composable artifacts Resource Graph Query, explore & analyze cloud resources at scale Management Group Define organizational hierarchy Cost Monitor cloud spend and optimize resources Policy Real-time enforcement, compliance assessment and remediation NEW NEW Control Visibility Environment Consumption Hierarchy NEW
7. None

8. What is the ? Overview of the

9. The Foundation: Enterprise Enrollment Enterprise Enrollment Account A Subscription 1

   Subscription 2 Subscription 3 Account B Department A Account C Subscription 4 Department B DON’T! 

10. EA/Account/Subscription examples Or Or

11. • Allow easier identification of resources in the Portal and

    in logs etc. • Allows easier breakout of data in Dashboards and Billing The Pillars: Naming Standards https://azure.microsoft.com/en-gb/documentation/articles/guidance-naming-conventions/

12. SaaS Public Cloud VPN ExpressRoute NSP internet

13. None
14. None
15. None
16. None

17. Up to 9 months to review, define and deploy an

    app into a subscription Large surface area to secure, govern and audit Knowing and updating core infra was extremely tedious

18. Azure Blueprints Idempotent definition to safely and efficiently provision and

    manage infra at scale Define all your artifacts (policies, RBAC and templates) that go into an environment in simple experience Lock down foundational infra that are shared across subscriptions

19. Role-based access controls Policy Definitions ARM Templates Custom Scripts* Coming

    in June Contoso Blueprint Cloud Engineer Cloud Architect + ISO 27001 FedRAMP NIST …

20. deploy and update cloud environments in a repeatable manner using

    composable artifacts Role-based access controls Policy Definitions ARM Templates

21. Cloud Engineer 1 Creates a Blueprint Contoso Blueprint 2 Adds

    artifacts (azure resources) to be used 3 Lock foundational resources and Sequence Deployments Custom Scripts* Policies Resource Groups ARM Templates Role based access Provision Subscription Deployed and locked foundational artifact 4 Create Subscriptions and/or Apply Blueprint to Scope (MG, Sub, RG) Cloud Engineer Sub A Sub B … 5 Version and Update Blueprints 6 Built-in compliance Blueprints (ISO, HITRUST, PCI etc.)

22. What is an Azure Blueprint? • A configured, secure, scalable

    Azure environments based on best practices • A starting point for new development and experimentation • A starting point for customers’ application migration journey • An environment that allows for iteration while maintain control and consistency

23. • Deploys foundation infrastructure based on Virtual Datacentre (VDC) approach

    • Configures Roles – NetOps, SecOps, Sysops • Deploys: • RBAC • Log Analytics • VNet with on-premises support and NSGs and ASGs (Microsegmentation), • Bastion host, ADDS and DNS VMs • Key Vault • Network watcher with DDOS support
24. None
25. None
26. None
27. None