Scribd
Upload
78 views

Azure Design Principles

- The document provides a design for a DA Azure Cloud Foundation. It covers governance, networking, security, compute, storage, monitoring and logging. - Key aspects of the design include establishing management groups, subscriptions, VNETs and subnets. Policies and standards are defined for naming, tagging and access management. - Connectivity options like VPN and ExpressRoute are included. High availability, backup and disaster recovery strategies are described for critical workloads. Monitoring is configured for infrastructure, networking and alerts.

Uploaded by

kiran00551
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
78 views

Azure Design Principles

- The document provides a design for a DA Azure Cloud Foundation. It covers governance, networking, security, compute, storage, monitoring and logging. - Key aspects of the design include establishing management groups, subscriptions, VNETs and subnets. Policies and standards are defined for naming, tagging and access management. - Connectivity options like VPN and ExpressRoute are included. High availability, backup and disaster recovery strategies are described for critical workloads. Monitoring is configured for infrastructure, networking and alerts.

Uploaded by

kiran00551
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 10

DA Azure Cloud Foundation design

Approvals
This document requires formal approval from the following parties:
NAME ROLE COMPANY DATE

Document Control

Version History
VERSION AUTHOR REVIEWER PURPOSE/COMMENTS DATE
Version 1.0 TCS MBU Mason team First draft 1-Oct-2021

Table of Contents

Approvals 2
Document Control 2
Version History 2
1. Introduction 7
1.1 Objective 7
1.2 Assumptions 7
1.3 Design principles 7
1.4 Architectural Design Decisions 7
1.5 Security Design Considerations 7
1.6 External References 8
2 Cloud Governance 8
2.1 Azure Regions 8
2.2 Azure Enterprise Hierarchy 8
2.2.1 Azure Tenancy 8
2.3 Subscription Design 8
2.4 Azure Subscription Governance Model 9
2.4.1 Management Groups and Subscriptions 9
2.4.2 Azure Policies 9
2.4.3 Azure Blueprint 9
2.4.4 Azure Resource Groups 9
2.4.5 Azure Resource Locks 9
2.5 Azure Identity & Access Management 9
2.5.1 Administrative roles 9
2.5.2 Multi Factor Authentication 10
2.5.3 User & Group Management 10
2.6 Naming Standards 10
2.7 Tagging Standards 11
2.8 Billing and Cost management 11
3 Cloud Networking 11
3.1 Connectivity 11
3.1.1 Site to Site VPN 11
3.1.2 ExpressRoute 11
3.13 Azure Bastion 12
3.2 Platform architecture Design 12
1.2.1 Network Topology and Design 12
3.2.2 Azure Vnets 12
3.2.3 Subnet Design 13
3.2.4 IP schema 13
3.3 Network Routing 14
3.3.1 Route Table 14
5 Business Continuity and Disaster Recovery 14
5.1 Azure Backup (Virtual machines) 14
5.3 High Availability (Production) 15
5.3.1 Virtual Machines 15
5.3.2 App service plan 15
5.3 Disaster Recovery 15
6 Virtual Machine and Storage 15
6.1 Azure Compute 15
6.1.1 Virtual Machine Series 15
6.2 Azure Storage 16
6.2.1 Azure Managed Disk 16
6.2.2 Azure Storage Account 16
7 Monitoring and Log management 17
7.1 Log Management 17
7.1.1 Activity Logs 17
7.1.2 Diagnostic Logs 17
7.1.3 NSG Logs 17
7.2 Monitoring & Alerting 17
7.2.1 Infrastructure Monitoring 17
7.2.2 Network Monitoring 17
7.2..3 Alerting 17
8 PaaS Services 18
8.1 Azure App Service 18
9 Automation – Infra as code/DevOps 18
10 Appendix 18
10.1 List of Acronyms & Abbreviations 18

List of Tables

Table 1: Architectural Design Decisions 11


Table 2: Security Design Considerations 12
Table 3: External References 12
Table 4: Azure Regions 13
Table 5: Resource groups 16
Table 6: Administrative roles 17
Table 7: Azure MFA 18
Table 8: User and group management 18
Table 9: Naming standards 19
Table 10: Tagging standards 20
Table 11: Site to Site VPN 21
Table 12: Expressroute 21
Table 13: Azure Bastion 22
Table 14: Network design 24
Table 15: Azure Vnets 24
Table 16: Subnet design 25
Table 17: IP schema 26
Table 18: Route table 26
Table 19: Backup policy - VMs 31
Table 20: Backup policy - WebApps 32
Table 21: Disaster recovery 33
Table 22: Virtual Machine Series 34
Table 23: Azure Managed disks 35
Table 24: Azure Monitoring metrics 36
Table 25: App service Plan 38
Table 26: List of Acronyms & Abbreviations 38
List of Figures
Figure 1:Azure Tenancy 13
Figure 2:Management Groups 15
Figure 3:Network topology and design 23

1. Introduction
1.1 Objective

1.2 Assumptions

1.3 Design principles


1.4 Architectural Design Decisions
Item Description










Table 1: Architectural Design Decisions

1.5 Security Design Considerations


# Description
1
2
3
4
5
6
7
8
9
Table 2: Security Design Considerations

1.6 External References


# Document Name Reference Link
1

Table 3: External References


2 Cloud Governance
2.1 Azure Regions

Geography Primary Region Secondary Region

Table 4: Azure Regions

2.2 Azure Enterprise Hierarchy


Azure Enterprise Agreement model will be used for hosting DA Application workloads.

2.2.1 Azure Tenancy


Figure 1:Azure Tenancy

2.3 Subscription Design

2.4 Azure Subscription Governance Model


2.4.1 Management Groups and Subscriptions

Figure 2:Management Groups

2.4.2 Azure Policies

2.4.3 Azure Blueprint

2.4.4 Azure Resource Groups

Table 5: Resource groups

2.4.5 Azure Resource Locks

2.5 Azure Identity & Access Management

2.5.1 Administrative roles

Role name Description Scope

Table 6: Administrative roles

2.5.2 Multi Factor Authentication

Decisions Rationale

Table 7: Azure MFA

2.5.3 User & Group Management

Decisions Rationale
Table 8: User and group management

2.6 Naming Standards

Following Naming standards will be followed for DA Application workloads

Azure Services Prefix Suggested Pattern Example Scope

Table 9: Naming standards


2.7 Tagging Standards
Following tags will be used for each azure resource for grouping and for supporting
any cost management reports using tags in future.

# Key (Tag name) Used by Type Values Description


1
2
3
4
5
Table 10: Tagging standards

2.8 Billing and Cost management

3 Cloud Networking

3.1 Connectivity
3.1.1 Site to Site VPN

Design Decisions Rationale



Table 11: Site to Site VPN
3.1.2 ExpressRoute

Design Decisions Rationale

Table 12: Expressroute


3.13 Azure Bastion

Design Decisions Rationale

Table 13: Azure Bastion


3.2 Platform architecture Design

1.2.1 Network Topology and Design


.

Figure 3:Network topology and design


Design Decision Rationale



Table 14: Network design

3.2.2 Azure Vnets

VNet Name Description Region Subscription

Table 15: Azure Vnets

3.2.3 Subnet Design

VNet Name Subnet Name Workload Deployed

Table 16: Subnet design

3.2.4 IP schema

VNet Name IP Schema Region Subscription


Table 17: IP schema
3.3 Network Routing
3.3.1 Route Table

Destination Name Destination Network Next Hop

Table 18: Route table

5 Business Continuity and Disaster Recovery


5.1 Azure Backup (Virtual machines)

Backup Design Considerations

Environment Resource Schedule Retention

Table 19: Backup policy - VMs

Environment Resource Schedule Retention

Table 20: Backup policy - WebApps

5.3 High Availability (Production)


5.3.1 Virtual Machines

5.3.2 App service plan

5.3 Disaster Recovery

Design Decision Rationale



Table 21: Disaster recovery

6 Virtual Machine and Storage


6.1 Azure Compute
6.1.1 Virtual Machine Series

Type SKUs Purpose


Table 22: Virtual Machine Series

6.2 Azure Storage

6.2.1 Azure Managed Disk

Standard HDD Standard SSD Premium SSD

Table 23: Azure Managed disks

6.2.2 Azure Storage Account

7 Monitoring and Log management

7.1 Log Management


7.1.1 Activity Logs
7.1.2 Diagnostic Logs
7.1.3 NSG Logs

7.2 Monitoring & Alerting


7.2.1 Infrastructure Monitoring

Azure Resources Target Monitoring Metrics Alert Category Threshold

Table 24: Azure Monitoring metrics

7.2.2 Network Monitoring

7.2..3 Alerting

8 PaaS Services
8.1 Azure App Service

Design Decision Rationale

Table 25: App service Plan

9 Automation – Infra as code/DevOps

10 Appendix
10.1 List of Acronyms & Abbreviations

Table 26: List of Acronyms & Abbreviations

You might also like