Day[64/100] #100DaysOfCloud – Jonnychipz – Enterprise Scale – Landing Zone OpenHack – Day 1

Ok so today was Day 1 of the Microsoft Azure Enterprise Scale Landing Zone Open Hack. A chance for me and a few of my colleagues to work through a reasonably complex reference architecture of a fictitious company and basically work out and discuss an appropriate solution for defining an appropriate Azure Management Group / Azure Policy and RBAC configuration to meet the requirements of said fictitious company.

I won’t drill into the details of the Hack as I am sure this is IP created by Microsoft and to be honest I’m not sure if I am allowed to share directly. I will find out after Day 3 and if I am ok to do so then I may just do a short video or something like that.

The day started off around really defining what Enterprise Scale is. The official Microsoft documentation can be accessed here:

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/

And there is a great GitHub repo here:

https://aka.ms/enterprisescale

What is Enterprise Scale?

  • A reference architecture
  • Recommended patterns vetted by engineering
  • Adaptable to accommodate customer requirements
  • Accelerates onboarding of new workloads by removing governance blockers
  • Consistent policy based framework
  • Built using native tooling (Azure Policy and Management Groups)

How does Enterprise Scale relate to Cloud Adoption Framework?

Enterprise Scale fits within the ‘Ready’ phase of CAF.

Enterprise Scale Design Principles

  • Enable Autonomy for Innovation and Transformation
  • Security and Compliance By-Default
  • Governance At-Scale with Sustainable Cloud Engineering

Subscriptions should be used as a unit of management and scale aligned with business needs and priorities, to support business areas and portfolio owners to accelerate application migrations and new application development.

Azure Policy should be used to provide the guard-rails and ensure the continued compliance of the customer platform and applications deployed onto it, whilst also providing application owners sufficient freedom and a secure unhindered path to cloud.

The Enterprise-scale architecture should not consider any abstraction layers such as customer developed portals or tooling and should provide a consistent experience for both AppOps (centrally managed operation teams) and DevOps (dedicated application operation teams).

We should focus on application centric migrations and development rather than a pure infrastructure “lift and shift” migration (i.e. movement of virtual machines) and should not differentiate between old/new applications or IaaS/PaaS applications.

The Enterprise Scale architecture approach advocates the use of native platform services and capabilities whenever possible, which should be aligned with Azure platform roadmaps to ensure new capabilities are made available within customer environments.

Critical Design Areas

GitHub – Deploy to Azure

As part of the day we looked at deploying the ARM templates stored on GitHub, covering the Management Group configuration as well as typical policy, etc., for a typical environment.

The following GitHub repository contains 3 examples:

https://github.com/Azure/Enterprise-Scale

Deploying Enterprise-Scale Architecture in your own environment

The Enterprise-Scale architecture is modular by design and allows customers to start with foundational Landing Zones that support their application portfolios, regardless of whether the applications are being migrated or are newly developed and deployed to Azure. The architecture can scale alongside the customer’s business requirements regardless of scale point. In this repository we are providing the following three templates representing different scenarios composed using ARM templates.

| Reference implementation | Description | Link |
|---|---|---|
| Contoso | On-premises connectivity using Azure vWAN | Detailed description |
| AdventureWorks | On-premises connectivity with Hub & Spoke | Detailed description |
| WingTip | Azure without hybrid connectivity | Detailed description |

From here we started to inspect some typical Policy and try and align it to our fictitious company!
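A typical guard-rail of this kind, as an added example (not taken from the OpenHack material or from the Enterprise-Scale repository): an ARM template deployed at management group scope that defines a deny policy restricting resource locations and assigns it to that management group, so every child management group and subscription inherits it. The parameter names, the policy definition name and the assignment name are assumptions made for illustration.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "targetMG": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: ID of the management group that receives the guard-rail" }
    },
    "allowedLocations": {
      "type": "array",
      "defaultValue": [ "uksouth", "ukwest" ],
      "metadata": { "description": "Constructed sample values: regions in which resources may be created" }
    }
  },
  "variables": {
    "mgScope": "[tenantResourceId('Microsoft.Management/managementGroups', parameters('targetMG'))]",
    "policyDefinition": "Example-LocationRestriction"
  },
  "resources": [
    {
      "type": "Microsoft.Authorization/policyDefinitions",
      "apiVersion": "2020-09-01",
      "name": "[variables('policyDefinition')]",
      "properties": {
        "displayName": "Example: deny resources outside the allowed locations",
        "policyType": "Custom",
        "mode": "Indexed",
        "parameters": {},
        "policyRule": {
          "if": { "not": { "field": "location", "in": "[parameters('allowedLocations')]" } },
          "then": { "effect": "deny" }
        }
      }
    },
    {
      "type": "Microsoft.Authorization/policyAssignments",
      "apiVersion": "2020-09-01",
      "name": "example-location-lock",
      "dependsOn": [ "[variables('policyDefinition')]" ],
      "properties": {
        "displayName": "Example: location guard-rail inherited by all child scopes",
        "scope": "[variables('mgScope')]",
        "policyDefinitionId": "[extensionResourceId(variables('mgScope'), 'Microsoft.Authorization/policyDefinitions', variables('policyDefinition'))]"
      }
    }
  ]
}
```

Because the assignment scope is the management group rather than a single subscription, new subscriptions placed under it pick up the deny rule without any per-subscription configuration.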

From here we defined a typical approach for Management Group layout and subscription structure:

That’s where we left Day 1, looking forward to Day 2 where we will focus a lot more on the Azure Policy side so stay tuned for Day 2 tomorrow!

100DaysOfCloud Overview

My Main ReadMe Page is all set up with a bit about me!

The guys at 100DaysofCloud have set up the GitHub repo to be cloned and also have a great repo containing ideas and areas to collaborate on: https://github.com/100DaysOfCloud/100DaysOfCloudIdeas

My GitHub Journey tracker can be found here: https://github.com/jonnychipz/100DaysOfCloud

Please Watch/Star my repo and feel free to comment or contribute to anything I push! I really look forward to hearing from anyone who is going to jump on the journey around the same time as me! Let’s see where I get to in 100 days!

I would encourage others to jump on this journey, I’m not sure that I will be able to commit every day for 100 days, but as long as I can complete 100 days that will be great!

http://www.100daysofcloud.com
