
Redesign the Production Environment Brief

How to redesign the Azure production environment for enhanced security & governance, with zero disruption 

The Challenge:

The production environment in Azure was not built following Azure best practices and guidelines. It needs security, monitoring, cost control, governance, high availability, and redundancy.

The Goal:

Provide an environment that supports and follows Azure best practices without compromising or interrupting the production environment and without damaging the user experience.

The Solution:

Redesign the production environment in a Hub & Spoke topology, segregate the databases and allow access to them only over private links, use Managed Identities and RBAC to access services, and configure monitoring, logging, and alerting.

The Solution Architecture: 

[Figure: Datarails architecture diagram]

The Cloudride Solution:

Cloudride's architecture expert recommends setting out a plan to redesign the production environment with security enhancements, as per the customer's needs.

Segregate all components into different vNETs, subnets, and resource groups. Create a Hub & Spoke topology, which provides a single ingress point to the environment; all the services are private.
Use Private Links, which are more secure than Service Endpoints (although they have an associated cost) and keep the traffic between components internal instead of exposing it to the public.

Data components are backed by policy, and access is controlled by RBAC.
Locking is enabled on all resources.

Enable audit logs, network logs, monitoring, and alerting.

End Result

Enhanced security and improved governance within a short timeframe and with zero disruption to the ongoing performance or user experience.


Using Private Links

Private Link allows you to access an Azure PaaS service over a private IP address within the VNet. The service gets a new private IP on your VNet, so when you send traffic to PaaS resources, that traffic always stays within your VNet.
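
A check that follows from the description above, as an added example that is not part of the original case study: it confirms that PaaS service names resolve only to addresses inside the VNet address space. The hostnames, CIDR ranges and IP addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import socket


def resolve(fqdn):
    """Resolve a name with the system resolver (run this from inside the VNet)."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def audit_private_link(resolutions, vnet_cidrs):
    """Map each FQDN to (status, addresses that fall outside the VNet ranges)."""
    nets = [ipaddress.ip_network(cidr) for cidr in vnet_cidrs]
    report = {}
    for fqdn, ips in resolutions.items():
        # An address counts as private only if it sits in a declared VNet range.
        outside = [ip for ip in ips
                   if not any(ipaddress.ip_address(ip) in net for net in nets)]
        if not ips:
            report[fqdn] = ("UNRESOLVED", [])
        elif outside:
            # Any address outside the VNet means traffic can leave it.
            report[fqdn] = ("EXPOSED", outside)
        else:
            report[fqdn] = ("PRIVATE", [])
    return report


# Constructed sample data: hub and spoke address spaces (assumed values).
SAMPLE_VNET_CIDRS = ["10.10.0.0/16", "10.20.0.0/16"]
# Constructed resolver results, as they might be collected from a spoke VM.
SAMPLE_RESOLUTIONS = {
    "sql-prod.example.internal": ["10.20.1.4"],
    "storage-prod.example.internal": ["203.0.113.10"],
    "kv-prod.example.internal": ["10.10.2.5", "203.0.113.11"],
    "cache-prod.example.internal": [],
}

if __name__ == "__main__":
    report = audit_private_link(SAMPLE_RESOLUTIONS, SAMPLE_VNET_CIDRS)
    for name, (status, outside) in report.items():
        print(f"{status:<10} {name} {' '.join(outside)}")
```

For a live check, build the input with `{name: resolve(name) for name in names}` on a machine inside the VNet, since the result depends on which resolver answers.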

Hub & Spoke Topology

A Hub & Spoke topology provides a single ingress point to the environment; all the services are private.