
DA Azure Cloud Foundation design

Approvals
This document requires formal approval from the following parties:
NAME ROLE COMPANY DATE

Document Control

Version History
VERSION AUTHOR REVIEWER PURPOSE/COMMENTS DATE
Version 1.0 TCS MBU Mason team First draft 1-Oct-2021

Table of Contents

Approvals
Document Control
Version History
1. Introduction
1.1 Objective
1.2 Assumptions
1.3 Design principles
1.4 Architectural Design Decisions
1.5 Security Design Considerations
1.6 External References
2 Cloud Governance
2.1 Azure Regions
2.2 Azure Enterprise Hierarchy
2.2.1 Azure Tenancy
2.3 Subscription Design
2.4 Azure Subscription Governance Model
2.4.1 Management Groups and Subscriptions
2.4.2 Azure Policies
2.4.3 Azure Blueprint
2.4.4 Azure Resource Groups
2.4.5 Azure Resource Locks
2.5 Azure Identity & Access Management
2.5.1 Administrative roles
2.5.2 Multi Factor Authentication
2.5.3 User & Group Management
2.6 Naming Standards
2.7 Tagging Standards
2.8 Billing and Cost management
3 Cloud Networking
3.1 Connectivity
3.1.1 Site to Site VPN
3.1.2 ExpressRoute
3.1.3 Azure Bastion
3.2 Platform architecture Design
3.2.1 Network Topology and Design
3.2.2 Azure VNets
3.2.3 Subnet Design
3.2.4 IP schema
3.3 Network Routing
3.3.1 Route Table
5 Business Continuity and Disaster Recovery
5.1 Azure Backup (Virtual machines)
5.2 High Availability (Production)
5.2.1 Virtual Machines
5.2.2 App service plan
5.3 Disaster Recovery
6 Virtual Machine and Storage
6.1 Azure Compute
6.1.1 Virtual Machine Series
6.2 Azure Storage
6.2.1 Azure Managed Disk
6.2.2 Azure Storage Account
7 Monitoring and Log management
7.1 Log Management
7.1.1 Activity Logs
7.1.2 Diagnostic Logs
7.1.3 NSG Logs
7.2 Monitoring & Alerting
7.2.1 Infrastructure Monitoring
7.2.2 Network Monitoring
7.2.3 Alerting
8 PaaS Services
8.1 Azure App Service
9 Automation – Infra as code/DevOps
10 Appendix
10.1 List of Acronyms & Abbreviations

List of Tables

Table 1: Architectural Design Decisions
Table 2: Security Design Considerations
Table 3: External References
Table 4: Azure Regions
Table 5: Resource groups
Table 6: Administrative roles
Table 7: Azure MFA
Table 8: User and group management
Table 9: Naming standards
Table 10: Tagging standards
Table 11: Site to Site VPN
Table 12: ExpressRoute
Table 13: Azure Bastion
Table 14: Network design
Table 15: Azure VNets
Table 16: Subnet design
Table 17: IP schema
Table 18: Route table
Table 19: Backup policy - VMs
Table 20: Backup policy - WebApps
Table 21: Disaster recovery
Table 22: Virtual Machine Series
Table 23: Azure Managed disks
Table 24: Azure Monitoring metrics
Table 25: App service Plan
Table 26: List of Acronyms & Abbreviations

List of Figures

Figure 1: Azure Tenancy
Figure 2: Management Groups
Figure 3: Network topology and design

1. Introduction
1.1 Objective

1.2 Assumptions

1.3 Design principles


1.4 Architectural Design Decisions
Item Description










Table 1: Architectural Design Decisions

1.5 Security Design Considerations


# Description

Table 2: Security Design Considerations

1.6 External References


# Document Name Reference Link
1

Table 3: External References


2 Cloud Governance
2.1 Azure Regions

Geography Primary Region Secondary Region

Table 4: Azure Regions

2.2 Azure Enterprise Hierarchy


The Azure Enterprise Agreement (EA) model will be used for hosting the DA application workloads.

2.2.1 Azure Tenancy


Figure 1: Azure Tenancy

2.3 Subscription Design

2.4 Azure Subscription Governance Model


2.4.1 Management Groups and Subscriptions

Figure 2: Management Groups

2.4.2 Azure Policies

2.4.3 Azure Blueprint

2.4.4 Azure Resource Groups

Table 5: Resource groups

2.4.5 Azure Resource Locks

2.5 Azure Identity & Access Management

2.5.1 Administrative roles

Role name Description Scope

Table 6: Administrative roles

2.5.2 Multi Factor Authentication

Decisions Rationale

Table 7: Azure MFA

2.5.3 User & Group Management

Decisions Rationale
Table 8: User and group management

2.6 Naming Standards

The following naming standards will be followed for the DA application workloads.

Azure Services Prefix Suggested Pattern Example Scope

Table 9: Naming standards


2.7 Tagging Standards
The following tags will be applied to every Azure resource, for grouping and to support any future cost management reports that are broken down by tag.

# Key (Tag name) Used by Type Values Description

Table 10: Tagging standards
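As an added example (not part of the design document), the script below audits a list of resources against a required-tag standard of the kind Table 10 defines. The tag keys, allowed values and the sample resources are assumptions, since the table in this document is still empty; the input shape follows `az resource list -o json` (objects with `id`, `name`, `type`, `tags`). It also handles two points a practitioner wants checked: Azure tag names are case-insensitive (so `environment` must satisfy `Environment`) while tag values are case-sensitive, and a resource with no tags at all comes back with `tags` set to null.

```python
"""Audit Azure resources against a required-tag standard.

Added example, not the design document's own code. The standard below
(tag keys and allowed values) and the sample resources are assumptions;
the real standard is whatever Table 10 ends up specifying.
"""
import json
import sys

# Assumed standard: tag key -> set of allowed values, or None for "any non-empty value".
REQUIRED_TAGS = {
    "Environment": {"dev", "test", "prod"},
    "CostCenter": None,
    "Owner": None,
    "Application": None,
}


def normalise(tags):
    """Lower-case tag names: Azure treats names case-insensitively but values
    case-sensitively, so only the key is folded. A null 'tags' field (untagged
    resource) becomes an empty dict."""
    return {k.lower(): v for k, v in (tags or {}).items()}


def audit_resource(resource, standard=REQUIRED_TAGS):
    """Return a list of findings for one resource; an empty list means compliant."""
    tags = normalise(resource.get("tags"))
    findings = []
    for key, allowed in standard.items():
        value = tags.get(key.lower())
        if value is None or value.strip() == "":
            findings.append(f"missing tag '{key}'")
        elif allowed is not None and value not in allowed:
            findings.append(
                f"tag '{key}' has value '{value}', expected one of {sorted(allowed)}"
            )
    return findings


def audit(resources, standard=REQUIRED_TAGS):
    """Map resource id -> findings for every non-compliant resource."""
    report = {}
    for resource in resources:
        findings = audit_resource(resource, standard)
        if findings:
            report[resource["id"]] = findings
    return report


# Constructed sample in the shape of `az resource list -o json` output.
# Subscription id and names are placeholders, not real resources.
SAMPLE_RESOURCES = [
    {   # fully tagged; lower-case 'environment' key must still be accepted
        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
              "/rg-da-prod-01/providers/Microsoft.Compute/virtualMachines/vm-da-prod-01",
        "name": "vm-da-prod-01",
        "type": "Microsoft.Compute/virtualMachines",
        "tags": {"environment": "prod", "CostCenter": "CC100",
                 "Owner": "da-team@example.com", "Application": "DA"},
    },
    {   # wrong Environment value (values are case-sensitive), two tags missing
        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
              "/rg-da-dev-01/providers/Microsoft.Compute/virtualMachines/vm-da-dev-01",
        "name": "vm-da-dev-01",
        "type": "Microsoft.Compute/virtualMachines",
        "tags": {"Environment": "Production", "Owner": "da-team@example.com"},
    },
    {   # untagged resource: the CLI returns null for 'tags'
        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
              "/rg-da-dev-01/providers/Microsoft.Storage/storageAccounts/stdadev01",
        "name": "stdadev01",
        "type": "Microsoft.Storage/storageAccounts",
        "tags": None,
    },
]


if __name__ == "__main__":
    # Pipe real output in (az resource list -o json | python audit_tags.py)
    # or run with no stdin to audit the constructed sample.
    resources = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_RESOURCES
    for resource_id, findings in audit(resources).items():
        print(resource_id)
        for finding in findings:
            print("  -", finding)
```

An audit like this only reports drift; it does not stop untagged resources from being created. The preventive control belongs in section 2.4.2 (an Azure Policy assignment that denies or modifies resources missing the required tags), with this kind of script used to find resources that predate the policy.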

2.8 Billing and Cost management

3 Cloud Networking

3.1 Connectivity
3.1.1 Site to Site VPN

Design Decisions Rationale



Table 11: Site to Site VPN
3.1.2 ExpressRoute

Design Decisions Rationale

Table 12: ExpressRoute


3.1.3 Azure Bastion

Design Decisions Rationale

Table 13: Azure Bastion


3.2 Platform architecture Design

3.2.1 Network Topology and Design



Figure 3: Network topology and design


Design Decision Rationale



Table 14: Network design

3.2.2 Azure VNets

VNet Name Description Region Subscription

Table 15: Azure VNets

3.2.3 Subnet Design

VNet Name Subnet Name Workload Deployed

Table 16: Subnet design

3.2.4 IP schema

VNet Name IP Schema Region Subscription


Table 17: IP schema
3.3 Network Routing
3.3.1 Route Table

Destination Name Destination Network Next Hop

Table 18: Route table

5 Business Continuity and Disaster Recovery


5.1 Azure Backup (Virtual machines)

Backup Design Considerations

Environment Resource Schedule Retention

Table 19: Backup policy - VMs

Environment Resource Schedule Retention

Table 20: Backup policy - WebApps

5.2 High Availability (Production)


5.2.1 Virtual Machines

5.2.2 App service plan

5.3 Disaster Recovery

Design Decision Rationale



Table 21: Disaster recovery

6 Virtual Machine and Storage


6.1 Azure Compute
6.1.1 Virtual Machine Series

Type SKUs Purpose


Table 22: Virtual Machine Series

6.2 Azure Storage

6.2.1 Azure Managed Disk

Standard HDD Standard SSD Premium SSD

Table 23: Azure Managed disks

6.2.2 Azure Storage Account

7 Monitoring and Log management

7.1 Log Management


7.1.1 Activity Logs
7.1.2 Diagnostic Logs
7.1.3 NSG Logs

7.2 Monitoring & Alerting


7.2.1 Infrastructure Monitoring

Azure Resources Target Monitoring Metrics Alert Category Threshold

Table 24: Azure Monitoring metrics

7.2.2 Network Monitoring

7.2.3 Alerting

8 PaaS Services
8.1 Azure App Service

Design Decision Rationale

Table 25: App service Plan

9 Automation – Infra as code/DevOps

10 Appendix
10.1 List of Acronyms & Abbreviations

Table 26: List of Acronyms & Abbreviations
