The production environment in Azure was not built according to Azure best practices and guidelines, and it lacks adequate security, monitoring, cost control, governance, high availability, and redundancy.
Provide an environment that supports and follows Azure best practices without compromising or interrupting the production environment and without degrading the user experience.
Redesign the production environment in a Hub & Spoke topology: segregate the databases and reach them only over Private Link, use Managed Identities and RBAC for access to services, and configure monitoring, logging, and alerting.
The Solution Architecture:
The Cloudride Solution:
Cloudride's architecture expert recommended a plan to redesign the production environment with security enhancements tailored to the customer's needs:
Segregate all components into separate VNets, subnets, and resource groups, and build a Hub & Spoke topology that provides a single ingress point to the environment; all services are private.
Private Link is more secure than Service Endpoints (although it has a cost associated with it): a service endpoint keeps traffic on the Azure backbone but the PaaS resource still keeps its public endpoint, whereas a private endpoint gives the resource a private IP inside the VNet, so traffic between components stays internal and public access to the resource can be disabled.
Data components are protected by policy, and access to them is controlled by RBAC.
Resource locks are enabled on all resources.
Enable Audit Logs, Network Logs, Monitoring, and Alerting.
Enhanced security and improved governance within a short timeframe and with zero disruption to ongoing performance or the user experience.
Private Link allows you to access an Azure PaaS service over a private IP address within the VNet: the private endpoint gets its own private IP in your VNet, and traffic you send to the PaaS resource stays on that private path instead of traversing the public internet.
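The following Bicep template is an added example and is not from the Cloudride engagement. It shows one spoke's worth of the controls listed in the solution and in the Private Link description above, using a storage account as a stand-in for a PaaS data component: public network access disabled, a private endpoint with the private DNS zone that makes it resolvable, a user-assigned managed identity with a least-privilege RBAC assignment, a CanNotDelete lock, and diagnostic logs shipped to a Log Analytics workspace in the hub. The VNet, subnet, account and identity names are assumptions, and the hub/spoke peering itself is not shown.

```bicep
// Added example, not from the Cloudride case study. Names below are assumptions.
param location string = resourceGroup().location
param spokeVnetName string = 'vnet-spoke-data'               // assumed: existing spoke VNet
param endpointSubnetName string = 'snet-private-endpoints'  // assumed: existing subnet for private endpoints
param storageAccountName string = 'stprodspoke001'           // assumed; must be globally unique
param logAnalyticsWorkspaceId string                         // resource ID of the hub's Log Analytics workspace

resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: spokeVnetName
}
resource endpointSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' existing = {
  parent: spokeVnet
  name: endpointSubnetName
}

// Data component: public access off (the private endpoint is the only way in),
// shared keys off so callers must authenticate with an Entra ID identity + RBAC.
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: location
  sku: { name: 'Standard_ZRS' }
  kind: 'StorageV2'
  properties: {
    publicNetworkAccess: 'Disabled'
    allowSharedKeyAccess: false
    minimumTlsVersion: 'TLS1_2'
  }
}

// Private endpoint: a NIC in the spoke subnet that gives the account a private IP.
resource storagePe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-${storageAccountName}-blob'
  location: location
  properties: {
    subnet: { id: endpointSubnet.id }
    privateLinkServiceConnections: [
      { name: 'blob', properties: { privateLinkServiceId: storage.id, groupIds: [ 'blob' ] } }
    ]
  }
}

// Private DNS: without it clients resolve the public FQDN to the public IP, which now refuses them.
resource blobDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.blob.${environment().suffixes.storage}'
  location: 'global'
}
resource blobDnsLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: blobDnsZone
  name: 'link-${spokeVnetName}'
  location: 'global'
  properties: { virtualNetwork: { id: spokeVnet.id }, registrationEnabled: false }
}
resource storagePeDns 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: storagePe
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [ { name: 'blob', properties: { privateDnsZoneId: blobDnsZone.id } } ]
  }
}

// Workload identity with least-privilege data-plane RBAC, scoped to this one account only.
resource appIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'id-app-prod'   // assumed name
  location: location
}
var storageBlobDataReaderRoleId = '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // built-in Storage Blob Data Reader
resource blobReaderAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(storage.id, appIdentity.id, storageBlobDataReaderRoleId)
  scope: storage
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataReaderRoleId)
    principalId: appIdentity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}

// Resource lock against accidental deletion of the data component.
resource storageLock 'Microsoft.Authorization/locks@2020-05-01' = {
  name: 'lock-no-delete'
  scope: storage
  properties: { level: 'CanNotDelete' }
}

// Audit logging: blob read/write/delete logs go to the hub's Log Analytics workspace.
resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
  parent: storage
  name: 'default'
}
resource blobDiag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'diag-to-hub-law'
  scope: blobService
  properties: {
    workspaceId: logAnalyticsWorkspaceId
    logs: [
      { category: 'StorageRead', enabled: true }
      { category: 'StorageWrite', enabled: true }
      { category: 'StorageDelete', enabled: true }
    ]
  }
}
```

Deploy it into the spoke's resource group with `az deployment group create --resource-group <rg> --template-file main.bicep --parameters logAnalyticsWorkspaceId=<workspace-resource-id>`. To verify the design intent, resolve the account's FQDN from a VM inside the spoke (it should return the private endpoint's address from the linked zone) and then from outside the VNet (the connection is refused because public network access is disabled). Two caveats a practitioner should keep in mind: a CanNotDelete lock stops deletion but not configuration changes, so policy and RBAC still have to guard the settings above, and the private DNS zone must be linked to every VNet whose workloads need to reach the endpoint, including the hub if on-premises clients resolve through it.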