Azure Infrastructure Architecture Introduction
Setting up your infrastructure in Azure can be very complex. The platform offers hundreds of services and you need to decide which ones are useful and how to implement them
in the best possible way for your organization. A number of factors will drive your decision: cost, manageability, performance, security, scalability.
- Global Azure Infrastructure
- Deployment Solutions: SaaS, PaaS, IaaS
- Hybrid Cloud Solutions: Azure Stack, Stack Hub
- Architectural Building Blocks: Storage, Networking, Compute
- Design Influencers: Security, Cost, Performance, High Availability, ...
- LAB: Azure Infrastructure Architecture Introduction
As a company you will probably end up with multiple subscriptions and lots of resources.
Structuring these Azure resources will be key to stay on top of it all.
- Management Groups
- Resource Groups
- Azure Lighthouse
- LAB: Designing Subscriptions
Azure resources can be deployed with lots of different methods: the Azure portal, scripts (PowerShell, Azure CLI), declarative methods (ARM templates, Terraform, Bicep).
Choosing the right method for your organization can reduce the cost of managing and creating your infrastructure components.
- Scripting versus Declarative Approach
- Declarative Languages: ARM Templates, Terraform, Bicep
- Azure BluePrints
- Azure DevOps versus GitHub
- LAB: Resource Deployment
Choosing a Compute Solution
Hosting applications in the cloud can be done using various different compute options. Choosing the right solution in terms of cost, availability, ease of management is
essential to provide a stable environment for your users.
- Virtual Machines
- Containers: Container Instances, Container Apps, AKS
- App Services: Web Apps, Azure Functions
- Compare Solutions: Cost, Security, Availability, Scalability
- LAB: Choosing a Compute Solution
Designing a network in the cloud is very similar to implementing your on-prem network. The same choices need to be made, the same services need to be provisioned.
- IP Address Ranges
- Hub and Spoke Topology
- Azure Virtual WAN
- Network Routing: UDR versus BGP
- Firewall Solutions
- Hybrid Networking: VPN Gateways versus ExpressRoute
- LAB: Network Design
To allow for easy communication between various application components both in the cloud and on-premisses, you need to design a name resolution strategy.
- Azure DNS Service
- Public DNS Zone
- Private DNS Zone
- Hybrid Name Resolution: Azure DNS Private Resolver
- LAB: Name Resolution
Design an Application Protection Strategy
Protecting your applications against a failure is an important part of your infrastructure setup. Azure provides different services
to help you accomplish this goal. The choice you make will have a significant impact on the price of the solution and the recovery time of your application.
- Disaster Recovery, Business Continuity and High Availability Solutions
- Azure Backup Services
- Azure Recovery Services
- Choosing a Load Balancing Solution: Azure Load Balancer, Application Gateway, Traffic Manager, Front Door
- LAB: Design an Application Protection Strategy
VNet Integration Options for PaaS Solutions
By design, PaaS solutions have a public endpoint which makes them accessible over the Internet. This is not always the best implementation from security point of vue.
Most PaaS services can be integrated with a VNet to limit public access.
- Service Endpoints
- Private Endpoints
- VNet Integration
- App Service Environment
- LAB: VNet Integration Options for PaaS Solutions
To control access to the services in the Azure cloud, you need to carefully design an authorization strategy. Decide which resources users and services can access
by implementing an RBAC mechanism. Consider where you are going to store your sensitive data and protect it accordingly.
- Role Based Access Control (RBAC)
- Options for Storing Sensitive Data
- Key Vault
- Managed Identities
- LAB: Security Architecture
Design for Identities
Azure AD is the center of everything that is related to authentication and authorization in the cloud. Azure AD supports various
authentication mechanisms and protection services that can help you secure your identities better and protect against possible identity theft.
Instead of this centralized system, Microsoft also supports decentralized identities with Verified IDs.
- Azure AD
- Hybrid Options: Azure AD Connect versus Azure AD Cloud Sync
- Sign In Options: MFA, Password-less Authentication
- Azure AD as Central Identity Service for all Applications
- Protection Features: Design Conditional Access Policies
- External Identities: Lifecycle Management
- Centralized versus Decentralized Identities: Verified IDs
- LAB: Design for Identities
Many companies host resources in the Azure cloud platform. But making design and architectural decisions is not always an easy task.
There are many roads that lead to a similar solution. So the key is to find the best option for the job in terms of cost, manageability, high availability, security, ...
In this course we will investigate various Azure services, compare them and debate about the best service for a given project.
This course focuses on architecture and design, not on the technical implementation of Azure resources.
This course is intended for IT professionals who need to design an infrastructure architecture in Azure. Participants should have experience in Azure
and understand the services and solutions offered by the platform.