Azure IaaSServer Life

Cycle

PROVISION - ARM Templates - Resource Groups - Resource Policies - Azure Deploy

CONFIGURE - Resource Tags, Locks - Desired State Configuration (DSC) - Role Based Access Control (RBAC) - VM Agents and Extensions

OPERATE and MAINTAIN - Azure Backup - DSC configuration drift - PowerShell, Azure Portal, tools - Azure Automation

MONITOR and REPORT - Azure Billing API - Power BI - Azure Diagnostics / Alerts - Log Analytics / OMS Portal

DECOMMISSION - Delete Resource Group

Server Lifecyclein Azure

Asperia-HR-Prod

10.20.0.0/24vNetPeering

10.10.0.0/24

10.10.1.0/24

10.0.0.0/16

Power BI

Storage

Backup Agent

TagsPiP

Nic

Asperia-IT-Prod

vmSPW1

vmSPW2

vmADP1

vmFS1

vmSPA1

vmDMA2

FE-NSG BE-NSG

BE-NSG

Azure VPN Gateway

10.10.0.0/16Virtual Network

AzureAutomation

Power BICSV files / SQL

10.20.0.0/16Virtual Network

AzureSupport

RBAC &PrivilegedIdentity

Management

Resource Group

Azure SecurityCentre

ARM Templates

GitHub

ResourceLocks

DSC

Azure Diagnostics

MFA

AzureKey Vault Agents

VM

VM VM VM

Recovery Vault

ResourcePolicies

Management GUI / Scripts

Power BI DashboardMS OMS Dashboard

ASR for lift & shiftMS Assessment Planning

Azure BillingAPI

Subscription Hierarchy• EA > Dept(s) > Account(s)• Standard – Account

Naming Standards• Subscriptions – 3rd party access

e.g. Contoso-HR-Production• Global unique names• Server – prefix dependant resources

Network• WAN address space• Virtual networks – vNet peering• Subnets – usage, addressing• Security boundaries - NSGs

Resource Groups• Lifecycle, functional• Security boundary

Tags• Basis for management & reporting• Start with dashboard view – KPIs,

usage, billing PowerShell & Automation• GUI – Windows Forms• Reporting via Power BI

Diagnostics & Analytics• OMS Portal - Alerts• SCOM integration

Access• RBAC – security groups• Just In Time administration• Auditing

Licensing• Hybrid Use Benefit• Computer pre-purchase• Compute Option

Some Design Considerations

Resource Template Repository

• File Server• GitHub

Copy template folder1

Staging Area• Local

Workstation

Edit Parameter Fileand Build2

ARM Template• Validated

3 Azure Storage• Nested

TemplatesUpload template folder to Azure StorageIf using nested resources

Deploy Template

4Azure

Make it so!

Example Deployment Model

Customised GUIs for Working with Azure & Office 365

Power BI

Power BI Dashboards created from Resource Tags and PowerShell

ReferencesAzure subscription and service limits, quotas, and constraints- https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits

Azure Billing API- https://docs.microsoft.com/en-au/azure/billing-usage-rate-card-overview

Azure Subscriptions – Enterprise Agreements- http://searchcloudcomputing.techtarget.com/tip/How-to-set-up-and-manage-Azure-subscriptions

Azure Support Plans and Forums